gcmurphy/slowpoke.py

## slowpoke.py
import argparse
import datetime
import random
import socket
import ssl
import string
import time
import traceback
from urllib.parse import urlparse
from pprint import pprint

def rand_str(length):
    s = ''
    for i in range(length):
        s += random.choice(string.ascii_letters)
    return s

def run_post_check(host, port, delay, use_ssl):
    print("Slowly sending POST data...")
    print("Host: " + host)
    print("Port: " + str(port))
    print("SSL Mode: " + str(use_ssl))
    print("Start time: " + time.ctime())
    start = datetime.datetime.now()
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        if use_ssl:
            s = ssl.wrap_socket(s)
        s.connect((host, port))
        s.send(b"POST / HTTP/1.1\r\n")
        s.send(b"Accept: */*\r\n")
        s.send(b"Connection: keep-alive\r\n")
        s.send(b"Content-Length: 999999\r\n")
        s.send(b"\r\n")
        for i in range(1, 1000000):
            s.send("{}={}&".format(rand_str(8), rand_str(4)).encode('utf-8'))
            time.sleep(delay)

        s.close()
    except Exception as err:
        traceback.print_exc()
        print(err)
    finally:
        print("Finished time: " + time.ctime())
        duration = datetime.datetime.now() - start
        print(f"{duration.seconds} seconds elapsed")


def run_get_check(host, port, delay, use_ssl):
    print("Slowly sending GET request headers..")
    print("Host: " + host)
    print("Port: " + str(port))
    print("SSL Mode: " + str(use_ssl))
    print("Start time: " + time.ctime())
    start = datetime.datetime.now()
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        if use_ssl:
            s = ssl.wrap_socket(s)
        s.connect((host, port))
        s.send(b"GET / HTTP/1.1\r\n")
        s.send(b"Accept: */*\r\n")
        s.send(b"Connection: keep-alive\r\n")
        while True:
            s.send("X-a: {}\r\n".format(rand_str(64)).encode("utf-8"))
            time.sleep(delay)

        s.close()
    except Exception as err:
        traceback.print_exc()
        print(err)
    finally:
        print("Finished time: " + time.ctime())
        duration = datetime.datetime.now() - start
        print(f"{duration.seconds} seconds elapsed")


def main():
    parser = argparse.ArgumentParser(description="check for slowloris attack")
    parser.add_argument("--url", required=True, help="url check")
    parser.add_argument("--delay", default=5, type=int, help="delay between characters sent in body")

    args = parser.parse_args()
    parts = urlparse(args.url)
    netloc = parts.netloc.split(":")
    if len(netloc) > 1:
        host, port = netloc
        port = int(port)
    else:
        host = netloc[0]
        port = 443 if parts.scheme == 'https' else 80

    run_get_check(host, port, args.delay, parts.scheme == 'https')
    run_post_check(host, port, args.delay, parts.scheme == 'https')


if __name__ == "__main__":
    main()
	import argparse
	import datetime
	import random
	import socket
	import ssl
	import string
	import time
	import traceback
	from urllib.parse import urlparse
	from pprint import pprint

	def rand_str(length):
	s = ''
	for i in range(length):
	s += random.choice(string.ascii_letters)
	return s

	def run_post_check(host, port, delay, use_ssl):
	print("Slowly sending POST data...")
	print("Host: " + host)
	print("Port: " + str(port))
	print("SSL Mode: " + str(use_ssl))
	print("Start time: " + time.ctime())
	start = datetime.datetime.now()
	try:
	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	if use_ssl:
	s = ssl.wrap_socket(s)
	s.connect((host, port))
	s.send(b"POST / HTTP/1.1\r\n")
	s.send(b"Accept: /\r\n")
	s.send(b"Connection: keep-alive\r\n")
	s.send(b"Content-Length: 999999\r\n")
	s.send(b"\r\n")
	for i in range(1, 1000000):
	s.send("{}={}&".format(rand_str(8), rand_str(4)).encode('utf-8'))
	time.sleep(delay)

	s.close()
	except Exception as err:
	traceback.print_exc()
	print(err)
	finally:
	print("Finished time: " + time.ctime())
	duration = datetime.datetime.now() - start
	print(f"{duration.seconds} seconds elapsed")


	def run_get_check(host, port, delay, use_ssl):
	print("Slowly sending GET request headers..")
	print("Host: " + host)
	print("Port: " + str(port))
	print("SSL Mode: " + str(use_ssl))
	print("Start time: " + time.ctime())
	start = datetime.datetime.now()
	try:
	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	if use_ssl:
	s = ssl.wrap_socket(s)
	s.connect((host, port))
	s.send(b"GET / HTTP/1.1\r\n")
	s.send(b"Accept: /\r\n")
	s.send(b"Connection: keep-alive\r\n")
	while True:
	s.send("X-a: {}\r\n".format(rand_str(64)).encode("utf-8"))
	time.sleep(delay)

	s.close()
	except Exception as err:
	traceback.print_exc()
	print(err)
	finally:
	print("Finished time: " + time.ctime())
	duration = datetime.datetime.now() - start
	print(f"{duration.seconds} seconds elapsed")


	def main():
	parser = argparse.ArgumentParser(description="check for slowloris attack")
	parser.add_argument("--url", required=True, help="url check")
	parser.add_argument("--delay", default=5, type=int, help="delay between characters sent in body")

	args = parser.parse_args()
	parts = urlparse(args.url)
	netloc = parts.netloc.split(":")
	if len(netloc) > 1:
	host, port = netloc
	port = int(port)
	else:
	host = netloc[0]
	port = 443 if parts.scheme == 'https' else 80

	run_get_check(host, port, args.delay, parts.scheme == 'https')
	run_post_check(host, port, args.delay, parts.scheme == 'https')


	if __name__ == "__main__":
	main()